Pages:
Author

Topic: Time to bust a myth. Paper wallets are less secure than normal encrypted wallets - page 3. (Read 12404 times)

legendary
Activity: 2674
Merit: 2965
Terminated.
As long as the wallet remains offline it will remain safe. So I don't think it should be a qstn of paper wallet or not.
Have you even read anything that was written in the original post?
It seems like you have not.

If someone busts inside your house they'll see you have Bitcoins if they find the paperwallet, but on the other hand with an encrypted hidden file inside a USB they would never figure out that you are a owner of Bitcoins. This is a plus against paper wallets.
It doesn't have to be hidden nor on a USB. If you have a encrypted wallet on your PC with a good password it will be useless to them.
hero member
Activity: 770
Merit: 509
If someone busts inside your house they'll see you have Bitcoins if they find the paperwallet, but on the other hand with an encrypted hidden file inside a USB they would never figure out that you are a owner of Bitcoins. This is a plus against paper wallets.
sr. member
Activity: 406
Merit: 250
AltoCenter.com
As long as the wallet remains offline it will remain safe. So I don't think it should be a qstn of paper wallet or not.
legendary
Activity: 2674
Merit: 2965
Terminated.
This is an interesting thread. Even though I was never really praising paper wallets as the ultimate method, I have been recommending it.
I've only tried this method once myself and it was really an inconvenience for me. OP thank you.
I'm pretty sure that in the future we are going to have better software for this as currently everything is still fresh.

I would recommend installing VMware on a HDD and encrypt and keep your wallet there. Just keep it disconnected if you're storing a lot of Bitcoins.


One thing is certian the gov has your private keys 100%, do you trust the NSA?
Could you please justify this statement? Do you have an explanation on how/why or maybe a link to a research paper?
No. He's saying that it is certain that the government has your private keys.
He's talking nonsense.
hero member
Activity: 686
Merit: 500
One thing is certian the gov has your private keys 100%, do you trust the NSA?
I don't. I know they have even more that what it was revealed by that guy...
sr. member
Activity: 476
Merit: 251
One thing is certian the gov has your private keys 100%, do you trust the NSA?

Could you please justify this statement? Do you have an explanation on how/why or maybe a link to a research paper?
legendary
Activity: 1722
Merit: 1000
I have never had a problem with a paper wallet. Why is this fear-mongering starting now? I even created them on live pc. Maybe I am just lucky... idk...

WHOA WHOA WHOA..

That is a bad plan man..

You haven't had an issue until BTC EXPLODES in value and you find out that is EXACTLY what the hackers were waiting for boom it's gone...

I would be very nervious about my bitcoins if they were created on a harddrive that was connected to the web at the time or ever reconnected to the web..


One thing is certian the gov has your private keys 100%, do you trust the NSA?
hero member
Activity: 686
Merit: 500
I have never had a problem with a paper wallet. Why is this fear-mongering starting now? I even created them on live pc. Maybe I am just lucky... idk...
legendary
Activity: 1722
Merit: 1000
Screw a printer burn them to a CD.


Factory burned cd's and dvds are a completely different process than ones you burn at home.

Home burned CDs and DVDs are notoriously flaky and damage very easy. I lost huge amounts of data in the past because expensive archival quality dvds didn't last more than 1 year, let alone any cheap discs(which may be DOA or fail shortly after). It is a huge gamble with those items that depends upon the batch , brand, humidity and other environmental factors, ect...


I have them on 10 CD's.. 10 jump drives.. an external harddrive.. physically printed.

Encrypted with a +20 char pass..

Harddrive that was used to create them no longer exists and NEVER touched the web once.
legendary
Activity: 1722
Merit: 1000
Why in the shits of shits of shits are you reconnecting the Harddrive you created it on back to the net.

F
A
I
L

on an epic level.. epic beyond epic.

The harddrive used to create the wallet from bitaddress.org should never EVER EVER EVER touch the web again after you have encrypted the paper wallet.


EVER NEVER EVER EVER EVER AGAIN! EVER AGAIN.


So do continue with the assumption the harddrive which was used to encrypt the paper wallet using bitaddress.org will never touch the web again.

How does one break the encryption?
hero member
Activity: 658
Merit: 501
Screw a printer burn them to a CD.


Factory burned cd's and dvds are a completely different process than ones you burn at home.

Home burned CDs and DVDs are notoriously flaky and damage very easy. I lost huge amounts of data in the past because expensive archival quality dvds didn't last more than 1 year, let alone any cheap discs(which may be DOA or fail shortly after). It is a huge gamble with those items that depends upon the batch , brand, humidity and other environmental factors, ect...
legendary
Activity: 1722
Merit: 1000
Screw a printer burn them to a CD.
legendary
Activity: 3248
Merit: 1070
the point in the end should be to secure your desktop/laptop/device, it does not matter much which is less secure(and you are comparing a way where the wallet is encrypted and a way where it isn't...)

i did not even encrypted my wallet, and i never lost any btc due to thieves, because i have a secure desktop in primis, which is the most important thing

one thing you can do is dual boot(on separate hard disk, and remove the power from the Hdd with bitcoin everytime you boot with the other, this is secure at 100%, non-hackable)
hero member
Activity: 658
Merit: 501
Some average users also make use of "office" equipment / printers / Photo copiers at their place of work with built in hard drives. This is also a point of failure for some people.

On printers-
https://www.reddit.com/r/Bitcoin/comments/2aodta/on_printer_memory_for_the_security_of_printed/

PRINTERS WITH HARD-DRIVE:

Pretty much any home/personal printer will not have a hard drive, but most will have some kind of memory installed. Depending on the type of printer, as well as the model, will determine how much, if any, memory is installed.

Most memory that is in home/personal printers only hold the data for the current print job from anywhere from a few lines to a few pages, as the job is being printed. Once the job is complete or the printer is turned off, any data that was in memory is erased & unrecoverable. Printers commonly use basic RAM memory, which is commonly referred to as volatile memory since it cannot store data once power is removed.

NOTES ON PRINTERS WITH HARD-DRIVES:

    If the printer allows you to bypass its internal hard drive and print directly from RAM, select this setting for better security, and ensure that print jobs are not stored on the printer hard-drive.

    If you do choose to store print jobs on the drive, ensure that it is encrypted with a strong encryption method, such as AES.

    If the printer allows you to overwrite the data immediately after printing (or scanning or faxing, if it’s an all-in-one device), select that option.

    Almost all new models include a wipe disk function for decommissioning the printer, and most include disk encryption, so if you take the disk out of the printer you won't be able to read the information stored on it.

NOTE: Even old printers (laser, dot matrix, inkjet, etc....) had some kind of memory that they used for some data storage for printing.

NOTES ON PRINTER MEMORY:

    Most current printers have a couple megabytes of memory

    In some cases the printer may be using volatile memory with a battery backup, If it is, this should be mentioned in the user guide. In that case, leave it unplugged for however long the user guide says is too long.

MISC. NOTES FOR CREATING COLD STORAGE WALLETS:

    ALWAYS ASSUME YOUR DEVICES HAVE BEEN COMPROMISED BY BAD ACTORS (Criminals)
    Use a dedicated computer & printer for purposes of creating Cold-storage wallets.
    Keep both dedicated computer and printer off the internet, keep wireless options deactivated or physically removed if possible.

MOST POPULAR PRINTERS: Most Popular Printers with examples of on-board memory

Amazon top 13 Printers (Best Sellers)
#    Brand    Model    Memory Capacity    Notes
1    Canon    PIXMA MX922    Approx. 250 Pages12    FAX
2    Epson    XP-310 Wireless    NL    Not Listed
3    Brother    HL-2270DW Compact Laser    32MB    Standard
4    Epson    XP-410 Small-inkjet    NL    Not Listed
5    Canon    PIXMA PRO-100 Color    250 Pages    
6    HP    Envy 4500 Wireless    NL    Not Listed
7    Brother    MFCJ450DW    170 Page Fax Memory    
8    Epson    WF-3520 Wireless    NL    Not Listed
9    Epson    WF-2540 Wireless    NL    Not Listed
10    Epson    WF-3620 Wireless    Up to 180 pages    Fax Memory
12    Canon    LBP6000    2MB    buffer memory
13    Hewlett Packard    1102W Wireless    8 MB    Standard
legendary
Activity: 1904
Merit: 1074
And the method you described for creating a paper wallet is a lot of steps for the average user IMO.

The average user ...............

Some average users also make use of "office" equipment / printers / Photo copiers at their place of work with built in hard drives. This is also a point of failure for some people.

This has been demonstrated in one of the episodes in the TV Series "Hacking the system"   Wink

Blazr - Your solution is a bit complicated for the "average" user. If I tell the general public to do that, they will not accept Bitcoin as a payment method.

How about a "Idiot's guide to create secure Cold storage" ?

I will use your more advanced guide ... thanks.  Grin
hero member
Activity: 882
Merit: 1006
What's the best way to spend the bitcoin on my paper wallets then? Since the bitcoins are already stored there.

What you can do is you can create a custom version of Ubuntu that contains an SPV client like multibit or electrum and burn that to a CD and use that. Though creating a custom version of Ubuntu is annoying to do. You could also install a copy of electrum on the live cd, to do that simply type "sudo apt-get install electrum" into a terminal when running the live CD, though you'll have to do this each time you boot the live CD.

After you do that make a throwaway wallet and import the private key into that and sweep the funds off to a new address.

That is somewhat better.  The ideal solution would be to use a separate cold storage PC, and if you are doing that you may as well just use a normal encrypted wallet.
hero member
Activity: 907
Merit: 1003
Isn't this a safe way to spend bitcoins from a paper wallet:

1.) Boot from a Linux Live DVD
2.) Visit blockchain.info
3.) perform a sweep of the entire contents of the private key to your destination.

Using the Live DVD prevents any malware or key loggers.

And sweeping the key, removes the funds fully from your private key and puts them where you want without re-using the original private key.

You are exposing yourself to all kinds of risks by using blockchain.info. Yes, I know they are trustworthy, but they CAN access your funds despite what people say as they can modify the code at anytime, or a hacker whos broken in can modify the code, or they could mess up again and introduce another bug like last time where they almost lost 1,000's of BTC. It's an unnecessary risk. In the past, lots of people were hacked when they accessed blockchain.info over Tor. This is due to man-in-the-middle attacks, which happen all over the internet, not just on the Tor network although they are more common there due to the way the Tor network is designed.

Malware CAN jump from your main OS onto your live CD, I explained a few ways this can happen in this thread. This is not something the happens a lot, but it is trivial for a hacker to do some of the techniques I described, and I'm sure eventually hackers will start looking into these kinds of techniques if people are using live CD's to protect their coins.

Not reusing the paper wallet is a good idea. You should definitely do that.

What's the best way to spend the bitcoin on my paper wallets then? Since the bitcoins are already stored there.
hero member
Activity: 882
Merit: 1006
Isn't this a safe way to spend bitcoins from a paper wallet:

1.) Boot from a Linux Live DVD
2.) Visit blockchain.info
3.) perform a sweep of the entire contents of the private key to your destination.

Using the Live DVD prevents any malware or key loggers.

And sweeping the key, removes the funds fully from your private key and puts them where you want without re-using the original private key.

You are exposing yourself to all kinds of risks by using blockchain.info. Yes, I know they are trustworthy, but they CAN access your funds despite what people say as they can modify the code at anytime, or a hacker whos broken in can modify the code, or they could mess up again and introduce another bug like last time where they almost lost 1,000's of BTC. It's an unnecessary risk. In the past, lots of people were hacked when they accessed blockchain.info over Tor. This is due to man-in-the-middle attacks, which happen all over the internet, not just on the Tor network although they are more common there due to the way the Tor network is designed.

Malware CAN jump from your main OS onto your live CD, I explained a few ways this can happen in this thread. This is not something the happens a lot, but it is trivial for a hacker to do some of the techniques I described, and I'm sure eventually hackers will start looking into these kinds of techniques if people are using live CD's to protect their coins.

Not reusing the paper wallet is a good idea. You should definitely do that.
hero member
Activity: 907
Merit: 1003
Isn't this a safe way to spend bitcoins from a paper wallet:

1.) Boot from a Linux Live DVD
2.) Visit blockchain.info
3.) perform a sweep of the entire contents of the private key to your destination.

Using the Live DVD prevents any malware or key loggers.

And sweeping the key, removes the funds fully from your private key and puts them where you want without re-using the original private key.
Pages:
Jump to: